We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Apple patch comes three months after security warning

OS X not as secure as once thought

Apple has released a patch for Mac OS X fixing a major security hole in Java, three months after Sun Microsystems' original warning.

The vulnerability, first revealed in late November, could allow an applet, embedded in a website for example, to bypass Java's security restrictions and potentially execute malicious code on a user's system.

It wasn't originally clear whether OS X was affected; Sun's November advisory only listed Solaris, Linux and Windows in its list of vulnerable operating systems.

"You only need to visit a website for it to be able to run arbitrary code outside the Java sandbox environment. This gives the attacker the same privileges as the user who is currently logged on," said Thomas Kristensen, CTO at security firm Secunia.

On Tuesday, Apple acknowledged the Java flaw affects Mac OS X and included the fix in a security update. The fix is available from Apple's website and through OS X's automated update system. On OS X, the bug doesn't affect versions of Java before 1.4.2, Apple said. Kristensen noted that some operating system makers, such as Gentoo, patched the flaw a few days after Sun's original warning.

The Java flaw is an embarrassment for Sun, which portrays Java as more secure than Microsoft alternatives such as ActiveX. Apple has also had a problem with its handling of security issues recently. Last year it was criticised for downplaying serious security flaws in Mac OS X, though critics say the company has become more open since then.

In an analysis last year, security firm Secunia found that OS X doesn't stand out as particularly more secure than the competition, in contrast to its image.

The operating system had a similar proportion of critical bugs to competitors such as Windows XP Professional, Red Hat Advanced Server and Suse Linux Enterprise Server, Secunia said. However, Mac users generally don't experience the kinds of attacks Windows users do, because of the platform's small market share.

In January, researchers found a serious hole in Darwin, the Unix-based core of OS X that Apple likes to call "rock-solid".

IDG UK Sites

Android M / Android 6.0 UK release date and new feature rumours: Android M live video stream -...

IDG UK Sites

Why I think the Apple Watch sucks and you'd be mad to buy it

IDG UK Sites

Ben & Holly's Game of Thrones titles spoof is delightfully silly

IDG UK Sites

Jony Ive 'semi-retired' into new role: kicked upstairs as Chief Design Officer